BuycPanel Blog

Using the OWASP ModSecurity Rule Set

Posted by Allura on 10 01 2019.

Introduction

The OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set) is a set of rules that Apache’s ModSecurity™ module uses to help protect one’s server. These rules do not make one’s server immune to attacks, but they greatly increase the amount of protection for one’s web applications.

About OWASP

One should use this rule set for:

Protection from insecure web application design: It creates a layer of protection for web applications such as WordPress, phpBB, or other types of web applications, and can potentially protect against vulnerabilities in unpatched, out-of-date applications. If an application developer makes a security mistake, ModSecurity will block an attack before it can reach the vulnerable application.

Protection against operating system level attacks: It provides protection against attacks that exploit the operating system of one’s server. Security experts created ModSecurity rules to prevent the use of a Bash shell exploit through Apache, and server administrators used these rules as additional security for their systems until the release of a security patch for the Bash shell.

Protection against generalized malicious traffic: Some of the security threats faced by server administrators may not directly attack a program or application on one’s server. For example, DoS (Denial of Service) attacks are common. The impact of such malicious traffic can be minimised through the use of ModSecurity rules.

What are the Risks?

The rule set can block legitimate traffic (false positives). Both OWASP and cPanel, Inc. aim to tune the rule set to minimise the potential for false positives; however, it may still block legitimate traffic.

One may review the ModSecurity Tools interface (WHM >> Home >> Security Center >> ModSecurity™ Tools) to evaluate the traffic blocked by the rule set and check whether it affects legitimate users.
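The same kind of review can be scripted against Apache error-log lines; the following is an added example, not code from this post or from cPanel. It assumes the ModSecurity 2.x error-log line format, uses constructed sample lines, and its function names and the "many distinct clients" heuristic are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ModSecurity 2.x Apache error-log format.
SAMPLE_LOG = r'''
[Thu Jan 10 09:01:02 2019] [:error] [pid 101] [client 192.0.2.10:51000] ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[Thu Jan 10 09:05:40 2019] [:error] [pid 102] [client 192.0.2.11:51001] ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[Thu Jan 10 09:09:13 2019] [:error] [pid 103] [client 192.0.2.12:51002] ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[Thu Jan 10 09:10:00 2019] [:error] [pid 104] [client 198.51.100.7:40000] ModSecurity: Access denied with code 403 (phase 2). [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.test"] [uri "/index.php"]
[Thu Jan 10 09:10:01 2019] [:error] [pid 104] [client 198.51.100.7:40001] ModSecurity: Access denied with code 403 (phase 2). [id "930120"] [msg "OS File Access Attempt"] [hostname "example.test"] [uri "/index.php"]
[Thu Jan 10 09:11:30 2019] [:error] [pid 105] [client 192.0.2.10:51003] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "example.test"] [uri "/"]
[Thu Jan 10 09:12:00 2019] [core:notice] [pid 1] resuming normal operations
'''

TAG = re.compile(r'\[(id|msg|uri) "([^"]*)"\]')
CLIENT = re.compile(r'\[client ([^\]]+)\]')

def summarize_blocks(log_text):
    """Group blocked requests by (rule id, URI) with hit and client counts."""
    summary = defaultdict(lambda: {"msg": "", "hits": 0, "clients": set()})
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # skip non-blocking warnings and unrelated Apache lines
        tags = dict(TAG.findall(line))
        client = CLIENT.search(line)
        if "id" not in tags or client is None:
            continue
        ip = client.group(1)
        if ip.count(":") == 1:  # IPv4 address followed by a source port
            ip = ip.split(":")[0]
        entry = summary[(tags["id"], tags.get("uri", "?"))]
        entry["msg"] = tags.get("msg", "")
        entry["hits"] += 1
        entry["clients"].add(ip)
    return dict(summary)

def false_positive_candidates(summary, min_clients=3):
    """Heuristic (assumption): one rule blocking many distinct clients on the
    same URI is more likely a false positive than one client tripping many rules."""
    return sorted(k for k, e in summary.items() if len(e["clients"]) >= min_clients)

if __name__ == "__main__":
    blocks = summarize_blocks(SAMPLE_LOG)
    for (rule_id, uri), e in sorted(blocks.items()):
        print(rule_id, uri, e["hits"], len(e["clients"]), e["msg"])
    print("review first:", false_positive_candidates(blocks))
```

A rule flagged this way still needs a manual look at the blocked requests before it is disabled or tuned.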